AUTHENTICATION OF DATA COMMUNICATIONS
Abstract
Methods and apparatus are provided for authenticating communications between a user computer and a server via a data communications network. A security device has memory containing security data, and security logic to use the security data to generate an authentication response to an authentication message received from the server in use. An interface device communicates with the security device. The interface device has a receiver for receiving from the user computer an authentication output containing the authentication message sent by the server to the user computer in use, and interface logic adapted to extract the authentication message from the authentication output and to send the authentication message to the security device. The apparatus includes a communications interface for connecting to the server via a communications channel bypassing the user computer. Either the security device or interface device sends the authentication response to the server via the communications channel bypassing the user computer.
25 Claims
1. An apparatus for authenticating communication between a user computer and a server via a data communications network, the apparatus comprising:
a security device having;
a memory containing security data; and
a security logic configured to use the security data to generate an authentication response to an authentication message received from the server in use;
an interface device configured for data communication with the security device, the interface device having;
a receiver configured to receive from the user computer an authentication output containing the authentication message sent by the server to the user computer in use; and
an interface logic configured to extract the authentication message from the authentication output and to send the authentication message to the security device; and
a communications interface configured to connect to the server via a communications channel bypassing the user computer, wherein one of the security device and interface device is configured to send the authentication response to the server via the communications channel.
(Dependent claims: 2, 3, 4, 5, 6)

7. A method for authenticating communication between a user computer and a server via a data communications network, the method comprising:
sending an authentication message via the data communications network to the user computer;
producing an authentication output containing the authentication message;
receiving the authentication output from the user computer;
extracting the authentication message from the authentication output;
sending the authentication message to the security device;
generating an authentication response to the authentication message using security data stored in the security device; and
sending the authentication response to the server via a communications channel which bypasses the user computer.

8. An intrusion detection method for a data communications system in which a security device having memory containing security data is adapted for data communications with a remote server via an interface device for communicating with the server via a first communications channel and is operative to communicate with the server via at least one further communications channel, the method comprising:
sending an authentication message from the server to the security device using said first and said at least one further channels in respective authentication communications;
sending an authentication response generated from the security data by the security device to the server for mutual authentication thereof;
detecting differences between authentication results from said communications using said first and said at least one further channels; and
identifying potentially compromised components of said data communications system based on said differences.
(Dependent claims: 9, 10, 11, 12)

13. A data communications system, comprising:
a server;
a first interface device operative to communicate data with the server via a first communications channel of the system;
a security device having memory containing security data operative to communicate with the server via the first interface device and operative to communicate with the server via at least one further communications channel of the system; and
intrusion detection logic;
wherein the server and security device are operative to use said first and said at least one further channels in authentication communications in which the server sends an authentication message to the security device and the security device sends an authentication response generated using said security data to the server for mutual authentication thereof; and
wherein the intrusion detection logic is operative to detect differences between authentication results from said communications using said first and said at least one further channels and to identify potentially compromised components of the data communications system based on said differences.
(Dependent claims: 14, 15, 16, 17, 18)

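The cross-channel comparison recited in claims 8 and 13 can be sketched as follows. This is an added example, not text or code from the patent: the HMAC-SHA256 challenge-response, the shared key, the channel names, every function name and the rule that maps differing results to suspects are assumptions made for illustration. Only the server's check of the device is shown, not the mutual direction.

```python
import hashlib
import hmac
import secrets

class SecurityDevice:
    """Holds the security data (assumed here to be a shared HMAC key)."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

def honest(msg: bytes) -> bytes:
    return msg  # channel that relays data unchanged

def tampering(msg: bytes) -> bytes:
    # Constructed fault: a compromised relay alters the first byte in transit.
    return bytes([msg[0] ^ 0x01]) + msg[1:]

def authenticate(server_key, device, channel) -> bool:
    """One authentication communication over a single channel."""
    challenge = secrets.token_bytes(16)
    delivered = channel(challenge)                  # server -> device
    response = channel(device.respond(delivered))   # device -> server
    expected = hmac.new(server_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)

def detect_intrusion(server_key, device, channels) -> dict:
    """Compare results across channels and name suspects (assumed rule)."""
    results = {name: authenticate(server_key, device, ch)
               for name, ch in channels.items()}
    failed = sorted(name for name, ok in results.items() if not ok)
    if not failed:
        suspects = []                # every channel agrees and succeeds
    elif len(failed) < len(results):
        suspects = failed            # results differ: suspect failing channels
    else:
        suspects = ["security device or security data"]  # nothing differs
    return {"results": results, "suspects": suspects}

if __name__ == "__main__":
    key = secrets.token_bytes(32)    # constructed sample security data
    report = detect_intrusion(key, SecurityDevice(key),
                              {"first": tampering, "further": honest})
    print(report)
```
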
19. An authentication apparatus for authenticating data communications with a remote server, the apparatus comprising:
a security device having memory containing security data, and a security logic adapted to use the security data in authentication communications with the server to generate an authentication response to an authentication message received from the server;
a first interface device adapted for data communications with the security device and adapted for data communications with the server via a first communications channel;
at least one communications interface for communicating with the server via a second communications channel; and
channel selection logic adapted to select one of said communications channels for authentication communications with the server in dependence on a security indicator associated with a communication from the server on the first communications channel, the channel selection logic being adapted to send said authentication response, generated by the security logic in said authentication communications, to the server via the selected communications channel.
(Dependent claims: 20, 21, 22, 23, 24)

25. A method for authenticating data communications with a remote server performed by a security device which has memory containing security data, the security device adapted for data communications with an interface device for communicating with the server via a first communications channel, and which is operative to communicate with the server via a second communications channel, the method comprising:
selecting one of said first and second communications channels for authentication communications with the server in dependence on a security indicator associated with a communication from the server on the first communications channel;
in response to an authentication message received from the server, using said security data to generate an authentication response; and
sending the authentication response to the server via the selected communications channel.

Specification